search

Mapepire-IBMi / mapepire-server

Server-side support for Code for IBM i
GNU General Public License v3.0
24 stars 8 forks source link

TLS enhancements #28

Open ThePrez opened 2 months ago

ThePrez commented 2 months ago

Moved from checklist in https://github.com/ThePrez/WatsonX-SDK-Db2-IBMi/pull/8

ThePrez commented 2 months ago

45 has a reworked mechanism for manually-defined certs

richardschoen commented 2 months ago

Not sure if this matters since you really want people to use TLS1.3 but it looks like the server only offers up TLS1.3 or none for a TLS option.

This eliminates anything on the desktop older than Windows 11. Windows 10 maxes out at TLS1.2.

Not sure about MacOS or Linux use cases.

This may not be an issue if the intended usage in server to server app rather than desktop to server. But I wanted to note my findings/

william-xiang commented 1 month ago

@ThePrez Wondering if we need to change the way to obtain the FQDN of IBM i when generating the self-signed certificate. In some scenarios InetAddress.getLocalHost() does not return the correct FQDN. This depends on the network configuration of IBM i. These two issue below are related to this. https://github.com/Mapepire-IBMi/mapepire-server/issues/64 https://github.com/Mapepire-IBMi/mapepire-server/issues/74